Date: Tue, 5 Oct 2010 10:02:54 -0500 From: Doug Poland <doug@polands.org> To: Ryan Coleman <ryan.coleman@cwis.biz> Cc: Adam Vande More <amvandemore@gmail.com>, FreeBSD Mailing List <freebsd-questions@freebsd.org>, Peter Boosten <peter@boosten.org> Subject: Re: OT: Apache as reverse SSL proxy Message-ID: <20101005150254.GA61709@polands.org> In-Reply-To: <CE36D1CE-D495-4FCA-87FF-0B6D3A8B62DA@cwis.biz> References: <20101004221506.GA8662@polands.org> <AANLkTinCfhmyb1XVXOk4PiSs-MMRPJ4bjvkb6bYiiODJ@mail.gmail.com> <20101005035354.GB8662@polands.org> <4CAAAC4A.5060106@boosten.org> <4CAAB89F.70907@infracaninophile.co.uk> <2C683AF7-AFA5-4D5E-8575-19455EBB142B@cwis.biz> <AANLkTinvPvHHqVE4Vmcan5koTasTFPn2xUZxYEyVwAf1@mail.gmail.com> <CE36D1CE-D495-4FCA-87FF-0B6D3A8B62DA@cwis.biz>
next in thread | previous in thread | raw e-mail | index | archive | help
On Tue, Oct 05, 2010 at 02:32:11AM -0500, Ryan Coleman wrote: > > On Oct 5, 2010, at 2:05 AM, Adam Vande More wrote: > > > On Tue, Oct 5, 2010 at 1:36 AM, Ryan Coleman <ryan.coleman@cwis.biz> wrote: > >> > >> On Oct 5, 2010, at 12:33 AM, Matthew Seaman wrote: > >> > >>> Nowadays there is also the possibility of RFC2817 -- in essence > >>> you start an ordinary HTTP session, then issue a STARTTLS command > >>> and upgrade the connection to encrypted. This will allow > >>> name-based virtual hosting with TLS to work as intended. > >>> Unfortunately, last I checked, while apache supports this, most > >>> web browsers do not. > >> > >> Throwing just my two bits in: Apache supports it, as does Firefox, > >> and nothing else (maybe Safari does...). > >> > >> IE definitely does not. I looked into this before opting to go > >> multiple static IPs at home for my webservers. > >> > > > > IE 7+ does however support RFC 3546(SNI), which is the defacto > > standard for accomplishing SSL name based vhosts. > > http://en.wikipedia.org/wiki/Server_Name_Indication > > Thanks all for the confirmation and information on apache, vhosts, HTTPS, and reverse proxying. In my situation, the clients are custom written applications on embedded systems. I don't know much about their ability to conform with the latest RFC's but my guess is they will not.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20101005150254.GA61709>